惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Stack Overflow Blog
Stack Overflow Blog
Simon Willison's Weblog
Simon Willison's Weblog
B
Blog
V
Visual Studio Blog
G
Google Developers Blog
云风的 BLOG
云风的 BLOG
S
SegmentFault 最新的问题
博客园 - 司徒正美
博客园 - 【当耐特】
T
Tenable Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium
S
Secure Thoughts
Hugging Face - Blog
Hugging Face - Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
IT之家
IT之家
Google DeepMind News
Google DeepMind News
Last Week in AI
Last Week in AI
大猫的无限游戏
大猫的无限游戏
PCI Perspectives
PCI Perspectives
H
Hackread – Cybersecurity News, Data Breaches, AI and More
阮一峰的网络日志
阮一峰的网络日志
P
Privacy International News Feed
N
News and Events Feed by Topic
H
Hacker News: Front Page
MongoDB | Blog
MongoDB | Blog
Google DeepMind News
Google DeepMind News
F
Full Disclosure
Google Online Security Blog
Google Online Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Heimdal Security Blog
Project Zero
Project Zero
C
CERT Recently Published Vulnerability Notes
MyScale Blog
MyScale Blog
AI
AI
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CXSECURITY Database RSS Feed - CXSecurity.com
Spread Privacy
Spread Privacy
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
SecWiki News
SecWiki News
C
Cisco Blogs
The Last Watchdog
The Last Watchdog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Australia Has No AI Act. It Does Not Need One to Fine You A$100 Million.
AI Gov Dev · 2026-05-12 · via DEV Community

In February 2026, Wesfarmers announced an expanded AI partnership with Microsoft covering agentic commerce, supply chain automation, and workforce productivity across its retail brands, including an AI assistant already deployed for Bunnings store staff. Wesfarmers employs more than 118,000 people across some of Australia's largest consumer-facing businesses. They are not an edge case. They are a preview of where every major Australian employer is heading.

Now ask the compliance question that nobody in those partnership announcements addresses: if the law requires a business to give specific instructions to a customer, and an AI agent gives those instructions wrong, who is liable? Under Australian law, the answer is unambiguous. The business is liable. The AI did not hallucinate on its own behalf. It hallucinated on yours.

Australia does not have a standalone AI law. It does not need one. The existing legal framework already creates binding obligations for any business using AI in customer-facing, employment, or financial contexts. And the enforcement infrastructure is tightening fast, with a hard compliance deadline arriving on December 10, 2026 and penalty ceilings that doubled in March 2026.

If you are deploying AI in Australia or serving Australian customers, this is what you need to understand.

The December 10, 2026 Deadline: ADM Transparency Becomes Law

The Privacy and Other Legislation Amendment Act 2024 has already passed. It amends Australia's Privacy Act 1988 to introduce new Australian Privacy Principles (APP 1.7, 1.8, and 1.9) requiring organizations to disclose when automated decision-making systems use personal information to make decisions that significantly affect individuals' rights or interests.

These obligations take effect on December 10, 2026. They require regulated entities to include in their privacy policies the kinds of decisions that are substantially automated and the kinds of personal information used in those decisions. The Office of the Australian Information Commissioner (OAIC) is publishing guidance progressively throughout 2026.

This applies to AI systems used in hiring, lending, insurance underwriting, customer analytics, benefits eligibility, and any other context where personal information feeds into an automated decision with material consequences for the individual. If your AI system takes personal data as input and produces a decision, recommendation, or classification that affects someone's rights, you need to disclose that process and be able to explain it.

The penalties for Privacy Act breaches are already significant. Since the 2022 reforms, serious or repeated breaches can attract penalties of up to the greater of A$50 million, three times the benefit obtained, or 30% of adjusted turnover. For organizations running AI at scale across customer-facing operations, the exposure compounds with every undisclosed automated decision.

The Attorney-General's Department is also developing a consistent legislative framework for ADM in government services, responding to the Robodebt Royal Commission's recommendation for transparency and safeguards around automated government decision-making. While the government framework is still in development, the Privacy Act obligations for the private sector are final.

Australian Consumer Law: Your AI's Hallucinations Are Your Liability

This is the part most international companies miss about the Australian market. The Australian Consumer Law is not a technology regulation. It is a strict liability regime for misleading conduct that applies regardless of how the misleading content was generated.

Section 18 of the ACL prohibits misleading or deceptive conduct in trade or commerce. The critical feature is that it can be contravened without fault. A business that acts honestly and reasonably still breaches the prohibition if its conduct is misleading. Intent does not matter. The output matters.

Applied to AI, this creates a straightforward liability chain. If an AI-powered chatbot produces a hallucination containing false information about a consumer's rights, a product's features, a service's terms, or a company's policies, the business operating that chatbot has engaged in misleading conduct under the ACL. The business did not intend to mislead. The AI generated the false content. The liability sits with the business anyway.

The ACCC has explicitly flagged this risk. It is actively monitoring AI-enabled practices including reviews, claims, and pricing models, and has identified "AI-washing" (misleading claims about AI capabilities) as an enforcement concern for 2026-27. The ACCC in 2022 successfully obtained penalties against a business for misleading representations that arose from the operation of an algorithm, establishing the precedent that algorithmic outputs are subject to the same consumer law scrutiny as human-generated claims.

The penalty exposure is severe and just increased. From March 28, 2026, maximum penalties for ACL breaches doubled. The first limb jumped from A$50 million to A$100 million. The other limbs (three times the benefit obtained, or 30% of adjusted turnover) remain unchanged. For a large enterprise with significant Australian revenue, a single AI-driven misleading conduct case could produce nine-figure penalties.

The Scenario That Has No Current Solution

Consider the operational reality for any large Australian employer scaling AI across customer-facing workflows. Companies like Wesfarmers are deploying AI assistants for store staff, rolling out Copilot across business units, and exploring agentic commerce where AI takes actions on behalf of the business. The same trajectory is visible across financial services, telecommunications, healthcare, and government. This is not experimental. This is the operating model.

Australian law frequently requires businesses to provide specific instructions, disclosures, or warnings to customers. Financial services companies must give prescribed product disclosure statements. Healthcare providers must deliver informed consent information. Insurance companies must present policy terms in specific ways. Telecommunications companies must disclose contract terms and pricing. Employers must provide workplace rights information. Retail businesses must accurately represent product claims, warranty terms, and refund policies.

When a human delivers these instructions, compliance teams can train them, audit them, and correct them. When an AI agent delivers these instructions, the compliance exposure changes fundamentally.

The AI may omit a required disclosure because the retrieval system did not surface it. The AI may paraphrase a legally prescribed statement in a way that changes its meaning. The AI may combine accurate information from multiple sources into a response that is misleading in aggregate. The AI may confidently state something about a product or policy that was true six months ago but changed after the last training data cutoff. The AI may deliver different versions of the same required information to different customers based on how they phrase their questions, creating inconsistent treatment that itself becomes a compliance issue.

In each case, the business has failed to deliver a legally required communication. Under the ACL's strict liability regime, the fact that the AI generated the error rather than a human is not a defense. The business is liable for the output, not the intent.

At the scale these deployments are reaching, manual review of every AI output is not feasible. The volume of interactions is too high. The review latency would destroy the operational value of using AI in the first place. And periodic audits, by the time they catch a pattern, the noncompliant output has already been delivered to thousands of customers.

There is currently no widely deployed system that evaluates AI outputs against legally required disclosures and business-specific policy constraints at runtime, before the output reaches the customer, while producing the audit evidence that demonstrates compliance was enforced at the moment of delivery. That is the gap.

What Australia's Regulatory Architecture Looks Like in Practice

Australia does not have a single AI regulator. It has multiple regulators with overlapping jurisdiction, and all of them are active.

The OAIC enforces the Privacy Act, including the new ADM transparency obligations. The ACCC enforces consumer law, including misleading conduct by AI systems. ASIC regulates AI in financial services, including algorithmic trading and AI-driven financial advice. APRA expects governance and risk management for AI in banking, insurance, and superannuation. The TGA regulates AI classified as medical devices in healthcare. The eSafety Commissioner oversees AI-generated harmful content under the Online Safety Act.

The government's position, reinforced by the April 2026 response to the Senate Select Committee on Adopting AI, is that existing laws are technology-neutral and already apply to AI. The Treasury review of AI and Australian Consumer Law concluded that the ACL is "fit for purpose" for AI-related consumer harms. No standalone AI legislation is expected in the near term. The expectation is that businesses comply with existing frameworks and that regulators enforce them.

The AI Safety Institute, operational from early 2026 with approximately A$29.9 million in government funding, coordinates risk assessment and provides guidance, but it does not create new legal obligations. Australia's Voluntary AI Safety Standard and AI Ethics Principles provide frameworks for responsible AI, but they are voluntary. The binding obligations come from the Privacy Act, the ACL, and sector-specific regulators.

For companies deploying AI in Australia, this means compliance is not a future concern that depends on legislation passing. The obligations are live. The enforcement infrastructure is active. The penalties are real and recently doubled.

What Runtime Enforcement Looks Like for Australian Compliance

The combination of ADM transparency obligations and strict liability for misleading AI outputs creates a specific compliance architecture requirement. You need three things operating simultaneously.

First, every AI system that makes or contributes to decisions affecting individuals using personal information needs to be inventoried, classified, and disclosed under the new APP 1.7-1.9 obligations before December 10, 2026. If you cannot answer "which AI systems use personal information in automated decisions" you cannot comply with the disclosure requirement.

Second, AI outputs in customer-facing contexts need runtime evaluation against the specific claims, disclosures, and instructions the business is legally required to deliver. This is not generic content moderation. It is policy-specific enforcement: does this output contain the required disclosure? Does it accurately represent the product terms? Does it omit information that the law or company policy requires? Does it make claims the business cannot substantiate?

Third, you need an audit trail that demonstrates, for every customer-facing AI interaction, what policy was in effect, what the AI produced, whether it was evaluated, and what the outcome was. When the OAIC asks how you comply with ADM transparency, or when the ACCC investigates a misleading conduct complaint, the question will be "show us the evidence." A policy document is not evidence. An audit log of enforced policy decisions is.

Why Australia Is a Bigger Market Than It Looks

Australia's regulatory posture creates an unusual market dynamic. There is no standalone AI law generating headlines and driving urgency the way the EU AI Act or the Colorado AI Act do. But the existing legal framework is arguably more immediately enforceable, because the obligations are already in force (ACL) or have a fixed compliance date (Privacy Act ADM, December 10, 2026), the enforcement agencies are well-funded and aggressive (the ACCC brought A$100 million in penalties against Optus in September 2025 for misleading conduct, and the penalty ceilings just doubled), and the strict liability standard for misleading conduct means businesses cannot argue "we didn't mean to" when their AI produces false outputs.

The scale of AI deployment is accelerating fast. Wesfarmers alone plans to more than double its Copilot footprint. Microsoft committed A$25 billion in Australian digital infrastructure in April 2026, its largest global investment. Across financial services, retail, healthcare, and government, the pattern is the same: AI moving from pilot to production at a pace that governance programs have not kept up with.

For companies operating AI across Australian customer-facing workflows, the practical question is not whether governance is required. It is whether the governance operates at runtime, at the speed AI generates outputs, with evidence that an auditor or regulator can verify.

We built Aguardic to enforce AI governance policies at runtime across every surface where AI touches the business. If you are deploying AI in Australia and need to comply with ADM transparency requirements and ACL obligations, extract enforceable rules from your existing compliance documents and see where the runtime gaps are before December 10.


I'm building Aguardic, an AI governance platform that enforces policies at the runtime decision point — deterministic rules for speed, semantic AI for nuance, and custom knowledge for your organization's context. If you're dealing with AI compliance, check it out or drop a question in the comments.

Originally published at www.aguardic.com.